Ci4-cms-erp

Ci4ms

27 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-39394

Exploit
  • EPSS 0.02%
  • Veröffentlicht 08.04.2026 14:32:31
  • Zuletzt bearbeitet 16.04.2026 00:00:36

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index() controller reads the host POST parameter without any validation and ...

8.1

CVE-2026-39393

Exploit
  • EPSS 0.02%
  • Veröffentlicht 08.04.2026 14:31:44
  • Zuletzt bearbeitet 16.04.2026 00:02:57

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile cache check (cache('settings...

4.8

CVE-2026-39392

Exploit
  • EPSS 0.01%
  • Veröffentlicht 08.04.2026 14:30:59
  • Zuletzt bearbeitet 16.04.2026 00:09:55

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module does not apply the html_purify validation rule to content fields during ...

4.8

CVE-2026-39391

Exploit
  • EPSS 0.01%
  • Veröffentlicht 08.04.2026 14:30:18
  • Zuletzt bearbeitet 16.04.2026 00:14:31

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the blacklist (ban) note parameter in UserController::ajax_blackList_post() is stored in ...

5.5

CVE-2026-39390

  • EPSS 0.01%
  • Veröffentlicht 08.04.2026 14:29:28
  • Zuletzt bearbeitet 08.04.2026 21:26:13

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Google Maps iframe setting (cMap field) in compInfosPost() sanitizes input using stri...

7.2

CVE-2026-39389

Exploit
  • EPSS 0.01%
  • Veröffentlicht 08.04.2026 14:28:29
  • Zuletzt bearbeitet 16.04.2026 00:19:58

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, This vulnerability is fixed in 0.31.4.0.

7.2

CVE-2026-35035

  • EPSS 0.1%
  • Veröffentlicht 06.04.2026 16:49:10
  • Zuletzt bearbeitet 08.04.2026 15:16:12

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System Settings –...

9.4

CVE-2026-34989

  • EPSS 0.05%
  • Veröffentlicht 06.04.2026 16:25:54
  • Zuletzt bearbeitet 07.04.2026 17:16:29

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails to properly sanitize user-controlled input when users update their ...

8.8

CVE-2026-34572

Exploit
  • EPSS 0.09%
  • Veröffentlicht 01.04.2026 21:35:10
  • Zuletzt bearbeitet 06.04.2026 16:32:05

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account ...

9

CVE-2026-34571

Exploit
  • EPSS 0.05%
  • Veröffentlicht 01.04.2026 21:32:16
  • Zuletzt bearbeitet 06.04.2026 16:33:14

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting (Stored XSS) vulnerability exists in the backend us...